Siemens reports critical flaw in IAM Client on multiple industrial products
Siemens is reporting a critical vulnerability (CVE-2025-40800) in its IAM client component affecting multiple industrial software products, which allows unauthenticated attackers to conduct man-in-the-middle attacks due to improper certificate validation. Patches are available for most affected products.
**Make sure all your industrial systems are isolated from the internet and accessible from trusted networks only. If you are using COMOS, NX, Simcenter 3D, Simcenter Femap, or Solid Edge, plan a quick update for them. Not an urgent thing, but don't ignore this one. Someone will find a way to hack them.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/siemens-reports-critical-flaw-in-iam-client-on-multiple-industrial-products-1-d-o-3-h/gD2P6Ple2L